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METHOD AND APPARATUS FOR VOICE OVER IP 
NETWORK ADDRESS TRANSLATION 

BACKGROUND OF THE INVENTION 
[0001] The present invention relates to voice 
communications and more particularly to packetized voice 
communications transferred over an Internet Protocol (IP) packet 
network . 

[0002] The traditional telephone network, known as the 
Public Switched Telephone Network (PSTN) is a vast network that 
carries voice traffic from phone to phone around the world. The 
PSTN is a circuit switched network which uses an array of 
switches to form a dedicated line connection extending between 
the phones for the duration of the call. 

[0003] Packet networks operate differently than circuit 
switched networks, breaking up the data or voice traffic into 
small packets or datagrams which are sent independently across 
the packet network. A dedicated line is not established between 
endpoints in a packet network and the separate packets may 
travel different routes through the network to reach the 
destination. 

[0004] Voice traffic can also be sent from phone to phone 
using a combination of both packet networks and the PSTN. 
Service providers effectively utilize the benefits of both 
networks by providing an intermediate managed network 10 shown 
in Fig. 1 which connects customers to both the PSTN 12 and a 
global packet network 14, such as the Internet. Customers can 
have one or more enterprises 15 each having a private network 16 
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connected to the managed network 10. Each enterprise can include 
a plurality of endpoints 18 which may be phones, computers, 
software controlled phones called softphones or any other known 
endpoints - 

[0005] The managed network 10 offers customer enterprises 
15 a variety of voice and data services at lower costs. For 
example, toll charges associated with establishing a dedicated 
line connection can be avoided using a packet network. Also, 
compression techniques enable packetized voice traffic to be 
transferred over the PSTN 12 using less bandwidth than typical 
PCM voice signals. 

[0006] To move voice traffic over packet networks 10, 14, 
16, voice conversations are digitized and packetized. The voice 
packets are identified for proper routing over the packet 
network using a known packetization format generally known as 
Voice over Internet Protocol (VoIP) . VoIP uses IP addressing 
schemes to uniquely identify the source and destination endpoint 
addresses . 

[0007] Public IP addresses are unique addresses on the 
global IP network. However, there are a limited number of 
unique public IP addresses available according to the IP address 
format defined by Request for Comments (RFC) 791 (Internet 
Architecture Board) . In order to conserve IP addresses, 
enterprises 15 which administer their own private networks 16 
can use private IP addresses. Separate private networks 16 can 
use the same private addresses. The private addresses uniquely 
identify the endpoints within the private network, but are not 
unique to the global IP packet network 14 and perhaps the 
managed network 10. 

[0008] However, to interconnect these private networks 16 
address resolution is needed to eliminate addressing conflicts 
since endpoints 18 from different enterprises 15 may be using 
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the same IP address. Network Address Translation (NAT) has been 
used for data traffic such as emails, web browsing, etc. to 
translate between private and public IP addresses to enable 
private and public networks to be interconnected. 

[0009] VoIP presents new challenges for NAT, since VoIP 
traffic packets have IP addresses embedded in the payloads of 
the packet envelope. Previously, VoIP NAT has been done using a 
dedicated NAT device, such as a router or firewall 19, located 
at each enterprise site. However this approach becomes 
increasingly more difficult and costly to implement as more 
private networks 16 are serviced by the managed IP network 10 
and as more VoIP protocols are implemented in the industry. 

[00010] Accordingly, it is desirable to provide VoIP NAT 
which is scalable and less costly to implement for a large 
number of private networks 16 connected to intermediate networks 
such as those managed by service providers. 

SUMMARY OF THE INVENTION 
[00011] According to the present invention, an IP services 
switch that supports packetized voice traffic in the form of 
voice packets from a plurality of enterprises having a plurality 
of endpoints is provided. More than one enterprises can use the 
same private IP addresses. The IP services switch includes a 
plurality of NAT tables, each of which corresponds to a separate 
enterprise private network for providing header and payload IP 
address translations which are unique to the IP services switch 
for the voice packets corresponding to each separate enterprise 
endpoint . 

[00012] In accordance with another aspect of the invention, 
a method of NAT in an intermediate service provider network for 
IP voice traffic packets corresponding to a plurality of private 
networks is provided. The private networks include a plurality 
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of endpoints having private IP addresses and more than one of 
the private networks can use at least some of the same non- 
unique private IP addresses. The method includes providing a 
virtual router having first and second NAT tables, receiving 
VoIP packets from a first private network having headers and 
payloads with non-unique private IP addresses, and translating 
the private header and payload IP addresses to IP addresses 
which are unique to the intermediate network using the first NAT 
table. The method also includes receiving VoIP packets from a 
second private network having headers and payloads with non- 
unique private IP address, and translating the private header 
and payload IP addresses to IP addresses which are unique to the 
intermediate network using the second NAT table. 

[00013] Other features, benefits and advantages of this 
invention will become apparent to those skilled in the art from 
the following detailed description of the preferred embodiments, 
when read in light of the accompanying drawings. 

BRIEF DESCRIPTION OF THE DRAWINGS 
[00014] The invention may take form in certain components 

and structures, preferred embodiments of which will be 

illustrated in the accompanying drawings wherein: 

[00015] FIG. 1 is a block diagram of a conventional service 

provider offering VoIP services to a plurality of enterprises 

wherein each enterprise includes a standalone dedicated machine 

for doing NAT; 

[00016] FIG. 2 is a block diagram of a service provider 
having a virtual router for doing NAT for several enterprise 
private networks in accordance with the invention; 

[00017] FIG. 3 is a block diagram illustrating NAT of header 
and payload enterprise private IP addresses to intermediate 
private IP header and payload addresses; 
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[00018] FIG. 4 is a block diagram illustrating NAT of header 
and payload intermediate private IP addresses to enterprise 
private addresses in accordance with the invention; 

[00019] FIG. 5 is a block diagram illustrating NAT of header 
and payload enterprise private IP addresses to public IP 
addresses in accordance with the invention; and 

[00020] FIG. 6 is a block diagram illustrating NAT of header 
and payload public IP addresses to enterprise private IP 
addresses in accordance with the invention. 

DETAILED DESCRIPTION OF THE INVENTION 
[00021] It is to be understood that the specific devices and 
processes illustrated in the attached drawings, and described in 
the following specification are simply exemplary embodiments of 
the inventive concepts defined in the appended claims. Hence, 
specific protocols and other characteristics relating to the 
embodiments disclosed herein are not to be considered as 
limiting . 

[00022] Referring to Fig. 2, a service provider network is 
shown generally at 20 for providing managed IP voice and data 
services to a plurality of customer enterprises 25a-25n. Each 
enterprise 25a-25n includes an enterprise private network 26a- 
26n having plurality of endpoints 28a-28n. The endpoints 28a- 
28n can be any known telephones capable of IP telephony, 
including but not limited to dedicated IP telephones or Personal 
Computers (PC's) running a software application which allows the 
PC to perform the functions of an IP phone. For example, 
enterprise private network 26a includes two hundred and fifty 
five endpoints 28ai - 28a 2 55, and enterprise private network 26b 
includes sixty four endpoints 28b x - 28b 6 4 • 
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[00023] The service provider network 20 is an intermediate 
packet network connecting the enterprise private networks 26a- 
26n to the global IP packet network 14, such as the Internet, 
and the PSTN 12. The service provider network 20 includes a 
central office 30 with an IP services switch 40 having internal 
virtual routers 41a-41n that supports packetized voice traffic 
in the form of voice packets from a plurality of enterprise 
private networks 26a-26n. In the example provided herein, the 
service provider network 20 includes a single central office 30 
having a single intermediate network. Alternatively, the 
service provider network 20 may includes a plurality of central 
offices 30 each corresponding to an intermediate network. 

[00024] The service provider network 20 also includes a 
known Media Gateway and Call Server 32, which can be any known 
Gateway/Call Server such as for example an iMerge® Centrex 
Feature Gateway made by AG Communication Systems of Phoenix 
Arizona, a subsidiary of Lucent Technologies. A class 5 switch 
34 is used to connect the intermediate network 20 to the PSTN 12 
in a known manner. Alternatively, a class 4 switch can be used 
in place of the class 5 switch 34. 

[00025] The IP services switch 40 includes a plurality of 
NAT tables 42a-42n each managed by a separate virtual router 
41a-41n. Each NAT table 42a-42n is stored in a separate memory 
space of the IP services switch 40 and corresponds to a separate 
enterprise private network 26a-26n. The IP services switch 40 
also includes a known Input/Output (I/O) device 36 for 
connecting each virtual router 41a-41n with the corresponding 
enterprise network 26a-26n via a known Wide Area Network 38. 

[00026] Each customer provides the service provider with the 
private IP addresses the customer will use on each of the 
customer's private enterprise networks 26a-26n. The service 


provider does not need to administer the customer private IP 
addresses, this is done by each individual customer. The 
customer IP addresses can be public addresses, although more 
commonly they will be private IP addresses. More than one 
customer may use the same private IP addresses. 

[00027] The service provider creates NAT assignments for 
each NAT table, assigning intermediate IP addresses to the 
corresponding private IP addresses used in the customer's 
private enterprise networks 26a-26n. The assignments can be 
static assignments using 1:1 assignments of one intermediate IP 
address from a static pool of IP addresses for each private IP 
address. Alternatively, the assignments can be dynamic, pulling 
the intermediate IP addresses from a dynamic pool of IP 
addresses which does not contain the same number of intermediate 
IP addresses as the number of private IP addresses. In dynamic 
addressing, when an intermediate IP address is no longer used, 
for example the call is completed, the IP address is used again 
for translating a different private IP address used in a 
different call. 

[00028] Each NAT table 42a-42n translates the private IP 
addresses 46a-46n in both the header and the payload of the VoIP 
traffic of the corresponding enterprise private network 26a-26n 
into an intermediate header and payload IP address 48a-48n for 
use by the intermediate service provider network 20. Further, 
each NAT table 42a-42n translates both the header and the 
payload intermediate network IP addresses 48a-48n of the VoIP 
traffic corresponding to the service provider network 20 into 
the header and payload private IP addresses 46a-46n of the 
corresponding enterprise private networks 26a-26n. The 
invention can use any known protocol for VoIP NAT translations 
including but not limited to H.323vl, H.323v2, MGCP, H.248 and 
SIP. 
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[00029] Still referring to Fig. 2, the enterprise private 
network 26a includes 255 endpoints 28ai-28a 2 s5 each having a 
separate private address of 10.1.1.1 - 10.1.1.255 as shown at 
46a. The IP services switch includes a NAT table 42a which 
corresponds to the enterprise private network 26a. The NAT 
table 42a translates the addresses 10.1.1.1 - 10.1.1.255 of the 
endpoints 28ai-28a 2 55 into intermediate addresses 10.10.1.1 - 
10.10.1.255 as shown at 48a for VoIP traffic coming from the 
private network 26a going to the intermediate network 20 (which 
may be going to the PSTN, the global network 14, or to another 
private network 26a-26n) . The NAT table 42a also translates the 
intermediate addresses 10.10.1.1 - 10.10.1.255 into the private 
addresses 10.1.1.1 - 10.1.1.255 of the endpoints 28ai-28a 255 for 
VoIP traffic coming from the intermediate network 20 (which may 
have previously come from the PSTN 12, the global network 14, or 
another private network 26a-26n) going to the private network 
26a. The invention allows each enterprise private network 26a- 
26n to use any suitable known private IP addressing scheme, 
providing the advantage that enterprises 25a-25n do not need to 
change their existing private addresses 46a-46n already in use. 

[00030] Referring to Figs. 3 and 4, the invention also 
provides IP address conflict resolutions when enterprise private 
networks 26a-26n using the same private IP addresses are 
connected to the service provider's intermediate network 20. In 
Fig. 3, two endpoints 28a 5 5 and 28b 5 s, from private networks 26a 
and 26b respectively, each use the same private IP addresses 
10.1.1.55. In an example of communication from the enterprise 
private networks 26a-26n, such as a call setup, both endpoints 
28a 5 s and 28b 5 s communicate with the Gateway/Call Server 32 which 
for the purposes of this example has a destination address of 
208.14.1.7. However, since both endpoints use the same private 
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addresses as source addresses 56a, 56b, and 58a, 58b, NAT is 
needed to resolve this conflict. 

[00031] The IP services switch 40 includes virtual router 
41a having NAT table 42a corresponding to the private enterprise 
network 26a for providing NAT for both the header source IP 
address 56a and the payload source IP address 58a corresponding 
to endpoint 28a 5 5. The private source IP address of 10.1.1.55 is 
translated to the intermediate source IP address of 10.10.1.55 
in any suitable known manner. 

[00032] Further, the IP services switch 40 includes virtual 
router 41b having NAT table 42b corresponding to the private 
network 26b for providing NAT for both the header source address 
56b and the payload source address 58b corresponding to endpoint 
28b 55 . The private source IP address of 10.1.1.55, which is same 
private address as that used by 28a 5 5^ is translated to the 
intermediate source IP address of 10.10.2.55 in any suitable 
known manner. The intermediate source IP addresses 10.10.1.55 
and 10.10.2.55 are each unique to the intermediate network thus 
resolving the addressing conflict. In this example, these 
addresses are private to the intermediate network 20 and are not 
unique to the global IP packet network 14. 

[00033] In Fig. 4, when the Gateway/Call Server 32 responds 
back to the endpoints 28a 55 and 28b 5 s the source and destination 
are switched, that is, the intermediate private addresses 
10.10.1.55 and 10.10.2.55, identifying endpoints 28a 55 and 28b 55 
respectively, become destination addresses. The NAT tables 42a 
and 42b translate the private intermediate destination addresses 
for both the header destination addresses 57a and 57b and the 
payload destination addresses 59a and 59b to the enterprise 
private network IP addresses corresponding to endpoints 28a 55 and 
28b 55 . 
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[00034] In the examples shown in Figs. 3 and 4, the 
invention uses private intermediate IP addresses which are not 
unique on the global IP packet network 14. Alternatively, 
according to a second embodiment of the invention shown in Figs. 
5 and 6, the IP services switch 40 of the invention can use 
public intermediate IP addresses which are unique to both the 
intermediate IP network 20 and the global IP packet network 14. 
For example, in Fig. 5, when communicating from the enterprise 
private network endpoints 28a 5 s and 28b 5 s, both using the same IP 
address 10.1.1.55 as a destination address, to the Gateway/Call 
Server 32, the NAT tables 42a and 42b translate the common 
private source addresses to the public IP source addresses of 
200.12.1.55 and 200.12.2.55 respectively. This NAT is done for 
both the source IP header addresses 56a and 56b and the source 
IP payload address 58a and 58b. 

[00035] In Fig. 6, when communicating from the Gateway/Call 
Server 32 in the service provider's intermediate network 20 to 
the private networks endpoints 28a 5 s and 28b 5 s, the NAT tables 
42a and 42b translate the public IP source addresses of 
200.12.1.55 and 200.12.2.55 to the same destination addresses 
10.1.1.55 for both endpoints 28a 55 and 28b 55 . This NAT is done 
for both the destination IP header addresses 57a and 57b and the 
destination IP payload address 59a and 59b. 

[00036] The invention has been described with reference to 
preferred embodiments. Obviously, modifications and alterations 
will occur to others upon reading and understanding the 
preceding specification. It is intended that the invention be 
construed as including all such modifications and alterations 
insofar as they come within the scope of the appended claims or 
the equivalents thereof. 


